<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">SUSE-IU-2022:1049-1</DocumentTitle>
  <DocumentType>SUSE Image</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE Image SUSE-IU-2022:1049-1</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2024-04-06T07:43:58Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2022-08-18T01:00:00Z</InitialReleaseDate>
    <CurrentReleaseDate>2022-08-18T01:00:00Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-publiccloud.pl</Engine>
      <Date>2021-02-18T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Image update for SUSE-IU-2022:1049-1 / google/sles-15-sp3-chost-byos-v20220818-x86-64</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This image update for google/sles-15-sp3-chost-byos-v20220818-x86-64 contains the following changes:
Package apparmor was updated:

- update add-samba-bgqd.diff: to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).

Package cifs-utils was updated:

- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing (bsc#1198976, CVE-2022-29869)
  * add cifs-utils-CVE-2022-29869.patch

Package dracut was updated:

- Update to version 049.1+suse.238.gd8dbb075:
  * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
  * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)

Package elfutils was updated:

- Added 4G memory build constraint for aarch64 to pass testing.
- Update to version 0.177 (Martin Liška):
    elfclassify: New tool to analyze ELF objects.
    readelf: Print DW_AT_data_member_location as decimal offset.
    Decode DW_AT_discr_list block attributes.
    libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
    libdwelf: Add dwelf_elf_e_machine_string.
    dwelf_elf_begin now only returns NULL when there is an error
    reading or decompressing a file. If the file is not an ELF file
    an ELF handle of type ELF_K_NONE is returned.
    backends: Add support for C-SKY.
  - Update to version 0.176
    build: Add new --enable-install-elfh option.
    Do NOT use this for system installs (it overrides glibc elf.h).
    backends: riscv improved core file and return value location support.
    Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
  - CVE-2019-7150: dwfl_segment_report_module doesn't check whether
    the dyn data read from core file is truncated (bnc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero
    terminated string (CVE is a bit misleading, as this is not a bug
    in libelf as described) (bnc#1125007)
  - Removed patches:
  - libdwfl-sanity-check-partial-core-file-dyn-data-read.patch
  - libebl-check-NT_PLATFORM-core-notes.patch
  - Update to version 0.175 (Martin Liška):
    readelf: Handle multiple .debug_macro sections.
    Recognize and parse GNU Property, NT_VERSION and
    GNU Build Attribute ELF Notes.
    strip: Handle SHT_GROUP correctly.
    Add strip --reloc-debug-sections-only option.
    Handle relocations against GNU compressed sections.
    libdwelf: New function dwelf_elf_begin.
    libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
    and BPF_JSLE.
    backends: RISCV handles ADD/SUB relocations.
    Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
    function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in
    dwfl_segment_report_module.c (bnc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside are
    files (bnc#1112726)
  - Removed patches:
  - arlib-check-that-sh_entsize-isnt-zero.patch
  - libdwfl-sanity-check-partial-core-file-data-reads.patch
  - size-handle-recursive-elf-ar-files.patch
  - Update to version 0.174 (Martin Liška):
    libelf, libdw and all tools now handle extended shnum and
    shstrndx correctly.
    elfcompress: Don't rewrite input file if no section data needs
    updating. Try harder to keep same file mode bits
    (suid) on rewrite.
    strip: Handle mixed (out of order) allocated/non-allocated
    sections.
    unstrip: Handle SHT_GROUP sections.
    backends: RISCV and M68K now have backend implementations to
    generate CFI based backtraces.
  - CVE-2018-16402: libelf: denial of service/double free on an
    attempt to decompress the same section twice (bnc#1107066)
    Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in
    /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
    Removed patches:
    libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
    libdw-check-end-of-attributes-list-consistently.patch
    libdw-readelf-make-sure-there-is-enough-data-to-read.patch
  - Update to version 0.173 (Martin Liška):
    More fixes for crashes and hangs found by afl-fuzz. In particular various
    functions now detect and break infinite loops caused by bad DIE tree cycles.
    readelf: Will now lookup the size and signedness of constant value types
    to display them correctly (and not just how they were encoded).
    libdw: New function dwarf_next_lines to read CU-less .debug_line data.
    dwarf_begin_elf now accepts ELF files containing just .debug_line
    or .debug_frame sections (which can be read without needing a DIE
    tree from the .debug_info section).
    Removed dwarf_getscn_info, which was never implemented.
    backends: Handle BPF simple relocations.
    The RISCV backends now handles ABI specific CFI and knows about
    RISCV register types and names.
  - Update to version 0.172 (Martin Liška):
    No functional changes compared to 0.171.
    Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
    Thanks to running the afl fuzzer on eu-readelf and various testcases.
  - Update to version 0.171 (Martin Liška):
    DWARF5 and split dwarf, including GNU DebugFission, are supported now.
    Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
    .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
    DWARF5 and GNU DebugFission encodings of the existing .debug sections.
    Also in split DWARF .dwo (DWARF object) files.  This support is mostly
    handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
    dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
    sections and data formats.  But some new functions have been added
    to more easily get information about skeleton and split compile units
    (dwarf_get_units and dwarf_cu_info), handle new attribute data
    (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
    that might come from different sections or files (dwarf_die_addr_die).
    Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
    files, the .debug_names index, the .debug_cu_index and .debug_tu_index
    sections. Only a single .debug_info (and .debug_types) section are
    currently handled.
    readelf: Handle all new DWARF5 sections.
    --debug-dump=info+ will show split unit DIEs when found.
    --dwarf-skeleton can be used when inspecting a .dwo file.
    Recognizes GNU locviews with --debug-dump=loc.
    libdw: New functions dwarf_die_addr_die, dwarf_get_units,
    dwarf_getabbrevattr_data and dwarf_cu_info.
    libdw will now try to resolve the alt file on first use of
    an alt attribute FORM when not set yet with dwarf_set_alt.
    dwarf_aggregate_size() now works with multi-dimensional arrays.
    libdwfl: Use process_vm_readv when available instead of ptrace.
    backends: Add a RISC-V backend.
    There were various improvements to build on Windows.
    The sha1 and md5 implementations have been removed, they weren't used.
  - Update to version 0.170 (Martin Liška):
    libdw: Added new DWARF5 attribute, tag, character encoding, language code,
    calling convention, defaulted member function and macro constants
    to dwarf.h.
  New functions dwarf_default_lower_bound and dwarf_line_file.
  dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  dwarf_getmacros now handles DWARF5 .debug_macro sections.
    strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
    backends: The bpf disassembler is now always build on all platforms.
  - Includes changes in 0.169
    backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
    Frame pointer unwinding fallback support for i386, x86_64, aarch64.
    translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
    application crash) via a crafted ELF file (bnc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group
    (bnc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress
    (bnc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
    (readelf.c) (bnc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in
    ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption)
    via a crafted ELF file (bnc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer
    over-read and application crash) via a crafted ELF file (bnc#1033089)
  - Removed patches:
  - obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
  - ppc-machine-flags.patch
  - elflint-check-symbol-table-data-is-big-enough-before-check.patch
  - elflint-dont-check-section-group-without-flags-word.patch
  - libelf-check-compression-before-allocate-output-buffer.patch
  - readelf-fix-off-by-one-sanity-check.patch
  - use-the-empty-string-for-note-names-with-zero-size.patch
  - elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch
  - elfutils-dont-trust-sh_entsize.patch
- Packaging cleanups:
  - Modernize specfile and metadata. (Jan Engelhardt)
  - Use %make_build (Martin Liška)
  - Update License tag to GPL-3.0-or-later, as requested by legal
    review. (Dominique Leuenberger)
  - Don't make elfutils recommend elfutils-lang as elfutils-lang
    already supplements elfutils. (Antoine Belvire)
  - Fix typo in the recommends name bsc#1104264 (Tomas Chvatal)
  - Use %license (boo#1082318) (Fabian Vogt)
- Test fixes (Andreas Schwab):
  - disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
  - dwelf_elf_e_machine_string.patch: Avoid spurious failure

Package glibc was updated:

- disable-check-consistency.patch: i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
- static-tls-surplus.patch: Remove tunables (bsc#1201560)

Package gpg2 was updated:

- Security fix [CVE-2022-34903, bsc#1201225]
  - Vulnerable to status injection
  - Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
  of 3DES if we are in FIPS mode. (bsc#1196125)

Package hwinfo was updated:

- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
  nvme_core.multipath=1 (bsc#1199948)
- 21.82
- merge gh#openSUSE/hwinfo#112
- fix bug in determining serial console device name (bsc#1198043)
- 21.81
- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Do not close the open tray after read_cdrom_info.
- Do not close the open tray after read.
- 21.79
- merge gh#openSUSE/hwinfo#106
- Always read numerical 32bit serial number from EDID header.
  Override this with ASCII serial number from display descriptor,
  if available.
- Display numerical 32bit serial number for monitors without serial
  number display descriptor
- 21.78
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
- merge gh#openSUSE/hwinfo#104
- Fix timezone issue in SOURCE_DATE_EPOCH code
- 21.76
- merge gh#openSUSE/hwinfo#100
- recognize loongarch64 architecture
- 21.75
- merge gh#openSUSE/hwinfo#98
- update pci and usb ids
- 21.74
- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73

Package kernel-default was updated:

- Fix 1201644, 1201664, 1201672, 1201673, 1201676
  All are reports of the same problem - the IBRS_* regs push/popping was
  wrong but it needs
  1b331eeea7b8 (&quot;x86/entry: Remove skip_r11rcx&quot;)
  too.
- commit cc90276
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit 9493568
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit b81e242

Package ldb was updated:

- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all changes for ldb-2.4.4.
  + CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  + CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  + CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
  + Fix build problems, waf produces incorrect names for python
    extensions; (bso#15071);

Package libzypp was updated:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
  endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
  repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
  Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
  solvable.  May happen if (wrong arch) solvables were removed
  at the  beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
  (fixes #388)
- version 17.30.1 (22)

Package logrotate was updated:

- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
  * enforce stricter parsing to avoid CVE-2021-3864
  * Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix &quot;logrotate emits unintended warning: keyword size not properly
  separated, found 0x3d&quot; (bsc#1200278, bsc#1200802):
  * Added patch logrotate-dont_warn_on_size=_syntax.patch

Package ncurses was updated:

- Add patch ncurses-bnc1198627.patch
  * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read

Package pcre2 was updated:

- Added pcre2-bsc1199235-CVE-2022-1587.patch
  * CVE-2022-1587 / bsc#1199235
  * Fix out-of-bounds read due to bug in recursions
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- Added pcre2-Fix_crash_when_X_is_used_without_UTF_in_JIT.patch
  * CVE-2019-20454 / bsc#1164384
  * Fix crash when X is used in non-UTF mode on certain inputs.
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/342c16ecd31bd12fc350ee31d2dcc041832ebb3f
  - https://github.com/PCRE2Project/pcre2/commit/e118e60a68f03f38dd2ff3d16ca2e2e0d800e1d9

Package perl-Bootloader was updated:

- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
  (bsc#1198197)
- 0.938
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
  jsc#SLE-18271).
- 0.937

Package samba was updated:

- CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
  (bsc#1201495);
- CVE-2022-32742: SMB1 code does not correctly verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
  (bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042);
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
    (bso#15099);
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work; (bso#15076);
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069);
  * netgroups support removed; (bso#15087); (bsc#1199247);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674); (bsc#1199734);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * smbclient commands del &amp; deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
    (bso#15108);
  * smbd doesn't handle UPNs for looking up names; (bso#15054);
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);
- Fix smbclient commands del &amp; deltree failing with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  (bsc#1200556).

Package systemd was updated:

- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
  90740ae2aa string-util: explicitly cast character to unsigned
  ca1455c5b9 string-util: fix build error on aarch64
  c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
  387a2e1fbf basic/string-util: simplify how str_realloc() is used
  cdc4d55d22 basic/string-util: inline iterator variable declarations
  d435514c85 basic/string-util: split out helper function
  bdbc4faff5 basic/escape: always escape newlines in shell_escape()
  3eb13063d1 basic/escape: add mode where empty arguments are still shown as &quot;&quot;
  08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
  ec07c1c46c basic/escape: use consistent location for &quot;*&quot; in function declarations
  074e1b622e Allow control characters in environment variable values (bsc#1200170)
  44e419dcb0 Revert &quot;basic/env-util: (mostly) follow POSIX for what variable names are allowed&quot;
  d5756f6f71 test-env-util: Verify that r is disallowed in env var values
  d02bac33d3 basic/env-util: make function shorter
  c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
  887c150a04 test-env-util: print function headers
- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
  e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
  b593249c00 core/device: do not downgrade device state if it is already enumerated
  7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
  912c07c281 core/device: drop unnecessary condition
- fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Call pam_loginuid when creating user@.service (bsc#1198507)
  It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.

Package tar was updated:

- bsc1200657.patch was previously incomplete leading to deadlocks
  * bsc#1202436
  * bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
  bsc#1200657
  * bsc1200657.patch

Package xen was updated:

- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in typeref acquisition
  62a1e594-x86-clean-up-_get_page_type.patch
  62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
  62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
  62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
  62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
  62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
  xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
  62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
  62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
  62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
  xen: retbleed - arbitrary speculative code execution with return
  instructions (XSA-407)
  62cc31ee-cmdline-extend-parse_boolean.patch
  62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
  62cd91d0-x86-spec-ctrl-rework-context-switching.patch
  62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
  62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
  62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
  62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
  62cd91d5-x86-cpuid-BTC_NO-enum.patch
  62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
  62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
  62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
  62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
  xsa401-1.patch
  xsa401-2.patch
  xsa402-1.patch
  xsa402-2.patch
  xsa402-3.patch
  xsa402-4.patch
  xsa402-5.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
  xsa408.patch

Package zypper was updated:

- Basic JobReport for &quot;cmdout/monitor&quot;.
- versioncmp: if verbose, also print the edition 'parts' which are
  compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
  whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
  insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp3-chost-byos-v20220818-x86-64/</URL>
      <Description>Public Cloud Image Info</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <Branch Type="Product Name" Name="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
        <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="apparmor-abstractions-2.13.6-150300.3.15.1">
      <FullProductName ProductID="apparmor-abstractions-2.13.6-150300.3.15.1">apparmor-abstractions-2.13.6-150300.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="apparmor-parser-2.13.6-150300.3.15.1">
      <FullProductName ProductID="apparmor-parser-2.13.6-150300.3.15.1">apparmor-parser-2.13.6-150300.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="cifs-utils-6.9-150100.5.18.1">
      <FullProductName ProductID="cifs-utils-6.9-150100.5.18.1">cifs-utils-6.9-150100.5.18.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dracut-049.1+suse.238.gd8dbb075-150200.3.60.1">
      <FullProductName ProductID="dracut-049.1+suse.238.gd8dbb075-150200.3.60.1">dracut-049.1+suse.238.gd8dbb075-150200.3.60.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="elfutils-0.177-150300.11.3.1">
      <FullProductName ProductID="elfutils-0.177-150300.11.3.1">elfutils-0.177-150300.11.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-2.31-150300.37.1">
      <FullProductName ProductID="glibc-2.31-150300.37.1">glibc-2.31-150300.37.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-locale-2.31-150300.37.1">
      <FullProductName ProductID="glibc-locale-2.31-150300.37.1">glibc-locale-2.31-150300.37.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="glibc-locale-base-2.31-150300.37.1">
      <FullProductName ProductID="glibc-locale-base-2.31-150300.37.1">glibc-locale-base-2.31-150300.37.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="gpg2-2.2.27-150300.3.5.1">
      <FullProductName ProductID="gpg2-2.2.27-150300.3.5.1">gpg2-2.2.27-150300.3.5.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="hwinfo-21.82-150300.3.3.1">
      <FullProductName ProductID="hwinfo-21.82-150300.3.3.1">hwinfo-21.82-150300.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-5.3.18-150300.59.87.1">
      <FullProductName ProductID="kernel-default-5.3.18-150300.59.87.1">kernel-default-5.3.18-150300.59.87.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libapparmor1-2.13.6-150300.3.15.1">
      <FullProductName ProductID="libapparmor1-2.13.6-150300.3.15.1">libapparmor1-2.13.6-150300.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libasm1-0.177-150300.11.3.1">
      <FullProductName ProductID="libasm1-0.177-150300.11.3.1">libasm1-0.177-150300.11.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdw1-0.177-150300.11.3.1">
      <FullProductName ProductID="libdw1-0.177-150300.11.3.1">libdw1-0.177-150300.11.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libebl-plugins-0.177-150300.11.3.1">
      <FullProductName ProductID="libebl-plugins-0.177-150300.11.3.1">libebl-plugins-0.177-150300.11.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libelf1-0.177-150300.11.3.1">
      <FullProductName ProductID="libelf1-0.177-150300.11.3.1">libelf1-0.177-150300.11.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libldb2-2.4.3-150300.3.20.1">
      <FullProductName ProductID="libldb2-2.4.3-150300.3.20.1">libldb2-2.4.3-150300.3.20.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libncurses6-6.1-150000.5.12.1">
      <FullProductName ProductID="libncurses6-6.1-150000.5.12.1">libncurses6-6.1-150000.5.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpcre2-8-0-10.31-150000.3.12.1">
      <FullProductName ProductID="libpcre2-8-0-10.31-150000.3.12.1">libpcre2-8-0-10.31-150000.3.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libsystemd0-246.16-150300.7.48.1">
      <FullProductName ProductID="libsystemd0-246.16-150300.7.48.1">libsystemd0-246.16-150300.7.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libudev1-246.16-150300.7.48.1">
      <FullProductName ProductID="libudev1-246.16-150300.7.48.1">libudev1-246.16-150300.7.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libzypp-17.30.2-150200.39.1">
      <FullProductName ProductID="libzypp-17.30.2-150200.39.1">libzypp-17.30.2-150200.39.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="logrotate-3.13.0-150000.4.7.1">
      <FullProductName ProductID="logrotate-3.13.0-150000.4.7.1">logrotate-3.13.0-150000.4.7.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ncurses-utils-6.1-150000.5.12.1">
      <FullProductName ProductID="ncurses-utils-6.1-150000.5.12.1">ncurses-utils-6.1-150000.5.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="perl-Bootloader-0.939-150300.3.6.1">
      <FullProductName ProductID="perl-Bootloader-0.939-150300.3.6.1">perl-Bootloader-0.939-150300.3.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1">
      <FullProductName ProductID="samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1">samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-246.16-150300.7.48.1">
      <FullProductName ProductID="systemd-246.16-150300.7.48.1">systemd-246.16-150300.7.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="systemd-sysvinit-246.16-150300.7.48.1">
      <FullProductName ProductID="systemd-sysvinit-246.16-150300.7.48.1">systemd-sysvinit-246.16-150300.7.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="tar-1.34-150000.3.18.1">
      <FullProductName ProductID="tar-1.34-150000.3.18.1">tar-1.34-150000.3.18.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="terminfo-6.1-150000.5.12.1">
      <FullProductName ProductID="terminfo-6.1-150000.5.12.1">terminfo-6.1-150000.5.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="terminfo-base-6.1-150000.5.12.1">
      <FullProductName ProductID="terminfo-base-6.1-150000.5.12.1">terminfo-base-6.1-150000.5.12.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="udev-246.16-150300.7.48.1">
      <FullProductName ProductID="udev-246.16-150300.7.48.1">udev-246.16-150300.7.48.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="xen-libs-4.14.5_04-150300.3.32.1">
      <FullProductName ProductID="xen-libs-4.14.5_04-150300.3.32.1">xen-libs-4.14.5_04-150300.3.32.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="zypper-1.14.53-150200.33.1">
      <FullProductName ProductID="zypper-1.14.53-150200.33.1">zypper-1.14.53-150200.33.1</FullProductName>
    </Branch>
    <Relationship ProductReference="apparmor-abstractions-2.13.6-150300.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:apparmor-abstractions-2.13.6-150300.3.15.1">apparmor-abstractions-2.13.6-150300.3.15.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="apparmor-parser-2.13.6-150300.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:apparmor-parser-2.13.6-150300.3.15.1">apparmor-parser-2.13.6-150300.3.15.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="cifs-utils-6.9-150100.5.18.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:cifs-utils-6.9-150100.5.18.1">cifs-utils-6.9-150100.5.18.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dracut-049.1+suse.238.gd8dbb075-150200.3.60.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:dracut-049.1+suse.238.gd8dbb075-150200.3.60.1">dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="elfutils-0.177-150300.11.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1">elfutils-0.177-150300.11.3.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-2.31-150300.37.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:glibc-2.31-150300.37.1">glibc-2.31-150300.37.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-locale-2.31-150300.37.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:glibc-locale-2.31-150300.37.1">glibc-locale-2.31-150300.37.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="glibc-locale-base-2.31-150300.37.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:glibc-locale-base-2.31-150300.37.1">glibc-locale-base-2.31-150300.37.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="gpg2-2.2.27-150300.3.5.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:gpg2-2.2.27-150300.3.5.1">gpg2-2.2.27-150300.3.5.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="hwinfo-21.82-150300.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:hwinfo-21.82-150300.3.3.1">hwinfo-21.82-150300.3.3.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-5.3.18-150300.59.87.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:kernel-default-5.3.18-150300.59.87.1">kernel-default-5.3.18-150300.59.87.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libapparmor1-2.13.6-150300.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libapparmor1-2.13.6-150300.3.15.1">libapparmor1-2.13.6-150300.3.15.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libasm1-0.177-150300.11.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1">libasm1-0.177-150300.11.3.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdw1-0.177-150300.11.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1">libdw1-0.177-150300.11.3.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libebl-plugins-0.177-150300.11.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1">libebl-plugins-0.177-150300.11.3.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libelf1-0.177-150300.11.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1">libelf1-0.177-150300.11.3.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libldb2-2.4.3-150300.3.20.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libldb2-2.4.3-150300.3.20.1">libldb2-2.4.3-150300.3.20.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libncurses6-6.1-150000.5.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libncurses6-6.1-150000.5.12.1">libncurses6-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpcre2-8-0-10.31-150000.3.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libpcre2-8-0-10.31-150000.3.12.1">libpcre2-8-0-10.31-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libsystemd0-246.16-150300.7.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libsystemd0-246.16-150300.7.48.1">libsystemd0-246.16-150300.7.48.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libudev1-246.16-150300.7.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libudev1-246.16-150300.7.48.1">libudev1-246.16-150300.7.48.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libzypp-17.30.2-150200.39.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libzypp-17.30.2-150200.39.1">libzypp-17.30.2-150200.39.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="logrotate-3.13.0-150000.4.7.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:logrotate-3.13.0-150000.4.7.1">logrotate-3.13.0-150000.4.7.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="ncurses-utils-6.1-150000.5.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:ncurses-utils-6.1-150000.5.12.1">ncurses-utils-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="perl-Bootloader-0.939-150300.3.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:perl-Bootloader-0.939-150300.3.6.1">perl-Bootloader-0.939-150300.3.6.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1">samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-246.16-150300.7.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:systemd-246.16-150300.7.48.1">systemd-246.16-150300.7.48.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="systemd-sysvinit-246.16-150300.7.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:systemd-sysvinit-246.16-150300.7.48.1">systemd-sysvinit-246.16-150300.7.48.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="tar-1.34-150000.3.18.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:tar-1.34-150000.3.18.1">tar-1.34-150000.3.18.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="terminfo-6.1-150000.5.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:terminfo-6.1-150000.5.12.1">terminfo-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="terminfo-base-6.1-150000.5.12.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:terminfo-base-6.1-150000.5.12.1">terminfo-base-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="udev-246.16-150300.7.48.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:udev-246.16-150300.7.48.1">udev-246.16-150300.7.48.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="xen-libs-4.14.5_04-150300.3.32.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:xen-libs-4.14.5_04-150300.3.32.1">xen-libs-4.14.5_04-150300.3.32.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
    <Relationship ProductReference="zypper-1.14.53-150200.33.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:zypper-1.14.53-150200.33.1">zypper-1.14.53-150200.33.1 as a component of Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2017-7607</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2017-7608</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2017-7609</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2017-7610</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2017-7611</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2017-7612</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2017-7613</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.</Note>
    </Notes>
    <CVE>CVE-2018-16062</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.</Note>
    </Notes>
    <CVE>CVE-2018-16402</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.</Note>
    </Notes>
    <CVE>CVE-2018-16403</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.</Note>
    </Notes>
    <CVE>CVE-2018-18310</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.</Note>
    </Notes>
    <CVE>CVE-2018-18520</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.</Note>
    </Notes>
    <CVE>CVE-2018-18521</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.</Note>
    </Notes>
    <CVE>CVE-2019-20454</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libpcre2-8-0-10.31-150000.3.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.</Note>
    </Notes>
    <CVE>CVE-2019-7146</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.</Note>
    </Notes>
    <CVE>CVE-2019-7150</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.</Note>
    </Notes>
    <CVE>CVE-2019-7665</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:elfutils-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libasm1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libdw1-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libebl-plugins-0.177-150300.11.3.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libelf1-0.177-150300.11.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with an eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.</Note>
    </Notes>
    <CVE>CVE-2021-3864</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:logrotate-3.13.0-150000.4.7.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.</Note>
    </Notes>
    <CVE>CVE-2022-1587</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libpcre2-8-0-10.31-150000.3.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.4</BaseScore>
        <Vector>AV:N/AC:L/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services.</Note>
    </Notes>
    <CVE>CVE-2022-2031</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libldb2-2.4.3-150300.3.20.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.</Note>
    </Notes>
    <CVE>CVE-2022-21123</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:xen-libs-4.14.5_04-150300.3.32.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>2.1</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.</Note>
    </Notes>
    <CVE>CVE-2022-23816</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:xen-libs-4.14.5_04-150300.3.32.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86 pv: Race condition in typeref acquisition. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safety TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.</Note>
    </Notes>
    <CVE>CVE-2022-26362</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:xen-libs-4.14.5_04-150300.3.32.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>6.9</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">x86 pv: Insufficient care with non-coherent mappings. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page are safe.</Note>
    </Notes>
    <CVE>CVE-2022-26363</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:xen-libs-4.14.5_04-150300.3.32.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.</Note>
    </Notes>
    <CVE>CVE-2022-29458</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libncurses6-6.1-150000.5.12.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:ncurses-utils-6.1-150000.5.12.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:terminfo-6.1-150000.5.12.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:terminfo-base-6.1-150000.5.12.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.</Note>
    </Notes>
    <CVE>CVE-2022-29869</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:cifs-utils-6.9-150100.5.18.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).</Note>
    </Notes>
    <CVE>CVE-2022-32742</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.</Note>
    </Notes>
    <CVE>CVE-2022-32744</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libldb2-2.4.3-150300.3.20.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault.</Note>
    </Notes>
    <CVE>CVE-2022-32745</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:libldb2-2.4.3-150300.3.20.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.</Note>
    </Notes>
    <CVE>CVE-2022-32746</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Insufficient TLB flush for x86 PV guests in shadow mode. For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.</Note>
    </Notes>
    <CVE>CVE-2022-33745</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:xen-libs-4.14.5_04-150300.3.32.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.</Note>
    </Notes>
    <CVE>CVE-2022-34903</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp3-chost-byos-v20220818-x86-64:gpg2-2.2.27-150300.3.5.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>5.8</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:P/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
</cvrfdoc>
